Kaspersky Lab reports BIOS infections are making a cybercriminal comeback

Delving into the report reveals that the firm’s analysts noted continued growth in cyber-attacks against some of the world’s biggest corporations throughout the third quarter.

When it comes to attacking smartphones, Kaspersky says there were clear signs that cybercriminals have made Android their platform of choice.

Increasingly sophisticated operations by malicious programs were also noted in Q3, alongside some tried-and-tested methods: innocuous-looking QR codes are now being used to conceal links to malware, and computers face threats before their operating systems even start, as cybercriminals revisit their old BIOS infection techniques.

The third quarter of 2011, notes the report, saw corporate networks targeted by unidentified hackers as well as attacks by the hacktivist group Anonymous.

Targets included the Italian cyber police, several US police units, and FBI contractors. Hackers also targeted the defense contractors Mitsubishi Heavy Industries and Vanguard Defense. These - and numerous other similar attacks - resulted in malicious users gaining access to employee and customer data, internal documentation, correspondence and classified data.

In July, says the report, the DigiNotar certificate authority’s servers were hacked, resulting in 531 rogue certificates being generated by cybercriminals.

By using fake SSL certificates for websites, the cybercriminals could access data sent to or from those sites even if an encrypted connection was used. Among the many resources targeted in the DigiNotar case were government agencies in several countries, as well as major Internet services such as Google, Yahoo, Tor and Mozilla.

DigiNotar eventually had to file for bankruptcy as a result of the hack.

Yury Namestnikov, Kaspersky’s senior virus analyst and author of the report, says that the DigiNotar attack was the second time a certificate authority had been hacked this year.

“Although the companies that issue root SSL certificates are required to pass a security audit, it is clear that the level of security at DigiNotar and its counterpart Comodo was far from perfect”, he said.

“The DigiNotar case should serve as a warning for other market players to strengthen their security policies”, he added.

The quarter also saw a rising tide of malware against the Android smartphone and tablet-computing platform, and a new type of malware infection against smartphones, using QR codes, was spotted.

A QR code, says the report, is essentially a barcode but with a larger storage capacity. Cybercriminals are spreading text message trojans disguised as Android software by encoding malicious links in QR codes.

After scanning the QR codes, mobile devices automatically download a malicious file which then sends text messages to premium-rate numbers.

Perhaps the most curious incident in Q3 saw hackers looking to the past for ideas when they realised that the protection afforded to today’s operating systems makes it virtually impossible to install a rootkit on a running system.

Virus writers, says Namestnikov’s analysis, have once again turned to BIOS in an attempt to infect a system before it even boots up.

It may be more than 10 years since the emergence of the infamous CIH virus (aka Chernobyl) that was capable of infecting computer BIOSes, but the technology behind it is being employed once again, he concludes.
